Going Extreme for Health Care
Koen Vanderkimpen @koenvdk
Dirk Deridder @dirkderidder
When Security, Performance, Scalability, and Availability all want to be the star of the show
4/02/2013
Smals
Dirk Deridder
Koen Vanderkimpen
Preferred ICT Partner of Social Security and Health Care Institutions in Belgium
Smals Research Team
Dedicated to introducing innovative IT in e-Government And solving clients' more abstract problems
1.5 years @ Smals, specializing in OO, software development, version control; implemented first demo of the PCS
1 year @ Smals, specializing in dynamic programming languages, software architecture, Agile and XTP
What Follows
1. The Project: which challenges?
2. Security: Novel Approach using threshold encryption
3. Conflicting Challenges in a High-Risk Project
4. Extreme Transaction Processing
5. Conclusions
6. Questions
1. The Project: A Primary Care Safe (PCS)
Mission: « Build a highly secure platform to exchange Patient Data between Healthcare actors within Flanders/Be/EU/… »
Some NFR's…
The "PCS manifesto":
• Security, Privacy, Confidentiality
• 24/7 always-on
• Generic, Multi-Purpose, Shared
Thoroughly Patient-Centric Vision
• Ready for Growing Data & Usage
• Performant (4s response time)
Functionality
• PUT (a file, or part of it)
• GET
• DELETE
[Diagram: patient file tree, annotated (Versioning) and (Fine-Grained DataModel). Node labels: Patient File; Medication, Parameters, Allergies, Journal, …; Anti-Diabetical, Anti-Aids, Blood Pressure, Heart Condition, Other, Pulse; Entries: Entry1, Entry2, …]
Some Figures (for Flanders)
• Patients: 6.5 million
• Users (medical professionals): 51000
• File accesses per day/user: 7.2
• Starting file size: 50K (towards 5M)
What if?
• All of Belgium joins in?
• Patients get access?
• Mobile usage develops?
2. PCS – Novel Security Architecture
• "end-user eyes only"
• "distributed trust"
[Diagram: Alice, Bob and a File (Only Encrypted Messages); PCS, Dokters Org and Gov (ehealth), with the labels "host & control" and "control".]
Symmetric Encryption
[Diagram: Alice and Bob; Message, Secret key, Encrypted Message.]
Asymmetric Encryption (Public Key)
[Diagram: a key shown as Public Key + Private Key.]
Primary Care Safe - PCS
[Diagram labels: Bob, PCS, Dokters.Org.]
Threshold Encryption (Public Key)
• Main Idea: a minimum number (= the threshold) of people needed to decrypt
[Diagram: Public Key; key parts 1 and 2; Bob, Marc, Alice; Partial Decryption; Combination.]
Primary Care Safe - PCS
[Diagram labels: Dr. Bob; PCS; Dokters Org; Gov (ehealth); key parts 1 and 2.]
Patent Pending!
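The threshold idea from the slides (partial decryptions by individual holders, then a combination step), as an added example that is not code from the presentation and not the patent-pending PCS scheme, whose details the slides do not give. It uses threshold ElGamal with Shamir-shared key parts; the toy group parameters, the trusted dealer, the 2-of-3 setting and all function names are assumptions made for illustration.

```python
import secrets

# Toy group constructed for this example: P = 2Q + 1 with P and Q prime, and
# G generating the subgroup of order Q. Far too small for real use.
P, Q, G = 2039, 1019, 4

def deal(n, t):
    """Assumed trusted dealer: returns (public_key, {holder_index: key_share})."""
    coeffs = [secrets.randbelow(Q - 1) + 1 for _ in range(t)]  # coeffs[0] is the private key
    shares = {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
              for i in range(1, n + 1)}
    return pow(G, coeffs[0], P), shares

def encrypt(pub, m):
    """ElGamal encryption of group element m under the one public key."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(pub, r, P) % P

def partial_decrypt(share, ct):
    """One holder's partial decryption; the key share never leaves the holder."""
    return pow(ct[0], share, P)

def combine(ct, partials):
    """Combine {holder_index: partial} by Lagrange interpolation in the exponent."""
    mask = 1
    for i, d in partials.items():
        lam = 1
        for j in partials:
            if j != i:
                lam = lam * j * pow((j - i) % Q, -1, Q) % Q
        mask = mask * pow(d, lam, P) % P
    return ct[1] * pow(mask, -1, P) % P

def demo():
    holders = {1: "Bob", 2: "Marc", 3: "Alice"}    # names taken from the slide
    pub, shares = deal(n=3, t=2)                   # 2-of-3 is an assumption
    m = pow(G, 321, P)                             # constructed plaintext
    ct = encrypt(pub, m)
    parts = {i: partial_decrypt(shares[i], ct) for i in holders}
    two = combine(ct, {1: parts[1], 3: parts[3]})  # Bob + Alice meet the threshold
    one = combine(ct, {2: parts[2]})               # Marc alone stays below it
    return m, two, one

if __name__ == "__main__":
    m, two, one = demo()
    print("two partials recover m:", two == m, "| one partial recovers m:", one == m)
```

A deployment would replace the dealer with distributed key generation and have each holder prove its partial decryption is well formed; neither is shown here.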
Fine-Grained Access Control
[Diagram: patient file tree. Node labels: Patient File; Medication, Parameters, Allergies, Journal, …; Anti-Diabetical, Anti-Aids, Blood Pressure, Heart Condition, Other, Pulse; Entries: Entry1, Entry2, …]
3. Roundup: Primary Care Safe (PCS)
• Exchange Platform for Medical Data
• Eventually for 6500000 patients (all of Flanders) – A few 1000 to start
  Growing data (e.g. lifetime biometrics)
• For many different applications
• Provided by the Government
• Security + Fine-grained Access
Challenge: Reconciling the NFR's
Security, Availability, Scalability, Performance, Flexibility
4. How to approach this?
• Programming language?
Java @ Smals
• Software Architecture?
N-Tier & SOA @ Smals
• Development approach?
EUP @ Smals
Will this work?
Sure, but more geared towards « conventional » projects
Actually we weren’t « sure » so we investigated further …
XTP versus Traditional N-Tier Solution?
[Diagram: traditional N-tier solution. Labels: Load Balancer, Web Tier, Business Processing Tier, Messaging Tier, Database Tier.]
Looking for inspiration…
• Social Media
• Stock exchange
• Investment banks
• Telecommunications
• Retail Business
• Web-commerce
• Internet media
• Factory automation
• Aerospace industry
• Online gaming
• Big Data analysis
• …
• Large number of users
• High volume of requests
• Very demanding availability (24/7)
• Peak loads are a moving target
• Challenging performance expectation
• …
Some of our NFR’s are « easy » compared to their day-2-day operation
Extreme Transaction Processing
« An application style aimed at supporting
the design, development, deployment,
management and maintenance of
distributed TP applications
characterized by exceptionally demanding
performance, scalability, availability,
security, manageability,
and dependability requirements »
Everything we need « in a box »?
Let’s get this « XTP solution in-a-box »!
Big XTP Box Bang!
[Word cloud: Hypertable, BigTable, NoSQL, DevOps, MongoDB, MemcacheDB, Cassandra, CouchDB, Voldemort, Map/Reduce, Hadoop, Grid Computing, Space Based Architecture, Event Driven Architecture, Shared Nothing Architecture, Partitioning, Terracotta, Akka, Erlang, Actor Model, Scala, AmbientTalk, Node.js, Async Flows, In-memory DB, Master/Worker, Task Execution, …]
Today’s main focus: Support offered by an XTP middleware Platform
• Several solutions exist
  - MaatG G Platform, GigaSpaces XAP, Appistry, Tibco ActiveSpaces, Paremus Service Fabric, …
• Currently establishing a position as CEAP's / EAP's
  - Good match with « cloud » requirements: fine-grained elastic scalability, continuous availability & non-stop operations, consistent performance
  - Still require additional work on multitenancy, billing, self provisioning, …; not intrinsic to XTP (can be enablers)
  - Traditional application servers will not meet future needs to move to the cloud: « … dinosaurs tiptoeing through a meteor storm… » [M. Gualtieri, Forrester 2011]
XTP Platform characteristics enabling Extreme Availability
• Let it crash principle
• Zero downtime failover management
  - Automated failover without side-effects (e.g., handover from primary to backup with no manual intervention, even between datacenters)
  - Automated self-healing without side-effects (e.g., creation of new backup nodes after failover with no manual intervention)
  - Automated replication management (e.g., keeping primaries/backups consistent, redo queues, …)
• Transparent for client applications
  - The client is unaware of « who » handles the request and is only interested in getting a result
  - Shield-off all complexity involved in guaranteeing high availability
• Application virtualisation and overall automation are key!
XTP Platform characteristics enabling Extreme Performance
• Improve response time by not moving data around
  - Focus on data/processing affinity
  - Routing of requests to the location of the data
  - Do not separate tiers physically
  - Work with an in-memory data grid
  - Cf. caching, but not as an after-the-fact optimisation strategy
  - Persistency as a service, not involved in servicing live requests
• Increase throughput
  - Asynchronous processing flows
  - Give back control asap
  - Make requests self-contained so they can be served by any « workers » that are available
  - Work with a processing grid
  - Execute (parts of) requests in « parallel »
  - Avoid relying on external systems
  - Enforce strict internal / external SLA's
XTP Platform characteristics enabling Extreme Scalability
• Principle of horizontal scaling
  - Increase capacity by adding resources « on the fly » in an automated fashion
  - Elastic scaling, so capacity can be taken away easily
  - Location-unaware applications
  - Transparent for client applications as well
  - Capacity planning vs capacity management
• Application virtualisation and overall automation are key!
[Diagram: axes labelled HORIZONTAL SCALING and VERTICAL SCALING.]
Concrete XTP Platform XAP: Characteristics
• Space Based Architecture
  - Based on Tuple Spaces [Gelernter & Carriero]
  - Cf JavaSpaces, but a lot more
  - Technology arena: Java, Jini, JMS, Spring, Hibernate, …
  - Data + Processing + Messaging Grids
• SLA-driven application containers
• Excellent enabler for implementing XTP architectures
  - Allowing you to focus on the « difficult part » by taking care of the « hard part »
Space Based Architecture
[Diagram sequence over several slides. Labels: Server, Program, Memory, Processing Unit, Space; the number of Servers and Processing Units changes from slide to slide.]
Lots of flexibility and support « out of the box » for realizing an(y) XTP solution
XTP versus Traditional N-Tier Solution?
[Diagram: XTP solution. Labels: Load Balancer; Web Processing Units; Business Processing Units (Data + Processing + Messaging), with three rows labelled A B C; Database.]
Conclusions
• XTP is not just a technology or style of programming
  - Impacts software architecture, development process, …
  - An integrated approach / vision is required!
  - Having an XTP platform is only a first step
  - Think outside the traditional box
• Demands disciplined application of development practices
  - Not only functional testing: NFR's!
  - Automation is fundamental
• Updating applications with no downtime is an additional challenge
  - Requires « next-release strategy »
  - XTP platforms provide « patterns » to handle this
• Problems can still happen, be prepared!
  - Cf. Recent Amazon / Microsoft /… outages (if the best fail, expect…)
• ROI analysis is absolutely necessary
  - Not every application calls for a platinum-approach
  - But it never hurts to think about it!
  - Maximum ROI = Availability + Scalability + Performance
Q&A